foo.sh/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ldap_server: Set correct DN when using SASL auth

Browse source
This commit is contained in:
Timo Makinen 2023-01-29 02:45:04 +00:00
parent 1c9da5f582
commit a98696e1c1
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
roles/ldap_server/templates/slapd.conf.j2
View file

@ -124,6 +124,14 @@ authz-regexp
authz-regexp authz-regexp
"uid=([^,]\+),cn=gss-spnego,cn=auth" "uid=([^,]\+),cn=gss-spnego,cn=auth"
"ldap:///{{ ldap_basedn }}??sub?(&(uid=$1)(objectClass=posixAccount))" "ldap:///{{ ldap_basedn }}??sub?(&(uid=$1)(objectClass=posixAccount))"
# map sasl plain users
authz-regexp
"uid=([^.]\+),cn=plain,cn=auth"
"ldap:///{{ ldap_basedn }}??sub?(&(uid=$1)(objectClass=posixAccount))"
# map sasl login users
authz-regexp
"uid=([^.]\+),cn=login,cn=auth"
"ldap:///{{ ldap_basedn }}??sub?(&(uid=$1)(objectClass=posixAccount))"
# require authentication for authenticated users that don't match above # require authentication for authenticated users that don't match above
access to * access to *